Description

Occurs when an application includes content served from a third-party resource and delivers it without any type of content scrubbing.

Environments Affected

Web servers

Application servers

Client machines

Risk Factors

Allowing hosted content from an untrusted server into a trusted application, which affects the server, the server environment, and the client machine.

No confirmation of third-party controls.

Examples

The following example is a common method of inserting third-party hosted content into a trusted application.
If the hosting site is vulnerable to attack, all content delivered to the application would be vulnerable to malicious changes.
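
An audit sketch for this risk, added here and not part of the original page: it lists every script, stylesheet and iframe that a page loads from another origin and flags those fetched over plain HTTP, lacking a Subresource Integrity hash, or framed without the sandbox attribute. The page URL, host names and hash value are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull hosted content into the page, and the attribute holding its URL.
LOADERS = {"script": "src", "iframe": "src", "link": "href"}

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

class ThirdPartyAudit(HTMLParser):
    """Record every element that loads content from an origin other than the page's."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(LOADERS.get(tag, ""))
        if not url:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return  # other link types (canonical, icon, ...) are out of scope here
        absolute = urljoin(self.page_url, url)  # resolves relative and //host URLs
        scheme = urlsplit(absolute).scheme
        if scheme not in ("http", "https") or origin(absolute) == origin(self.page_url):
            return  # inline (data:) or first-party content
        issues = []
        if scheme != "https":
            issues.append("not-https")  # content can be altered in transit
        if tag in ("script", "link") and not attrs.get("integrity"):
            issues.append("no-integrity")  # no hash pins the file the third party serves
        if tag == "iframe" and "sandbox" not in attrs:
            issues.append("no-sandbox")  # frame is not restricted by the sandbox attribute
        self.findings.append((tag, absolute, issues))

def audit(html, page_url):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

PAGE_URL = "https://app.example.com/index.html"  # constructed sample URL and page
SAMPLE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/pinned.js" integrity="sha384-PLACEHOLDER"></script>
<link rel="stylesheet" href="http://styles.example.org/site.css">
</head><body><iframe src="//widgets.example.org/feed"></iframe></body></html>"""
```

Calling audit(SAMPLE, PAGE_URL) returns one tuple per third-party include; an empty issue list means the include is cross-origin but pinned and served over HTTPS.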